Merge pull request #9 from str4d/pbkdf2
Replace PKCS5_PBKDF2_HMAC_SHA1 with crates
@@ -18,6 +18,9 @@ keywords = ["ccid", "ecdsa", "rsa", "piv", "yubikey"]
|
|||||||
|
|
||||||
[dependencies]
|
[dependencies]
|
||||||
getrandom = "0.1"
|
getrandom = "0.1"
|
||||||
|
hmac = "0.7"
|
||||||
libc = "0.2"
|
libc = "0.2"
|
||||||
log = "0.4"
|
log = "0.4"
|
||||||
|
pbkdf2 = "0.3"
|
||||||
|
sha-1 = "0.8"
|
||||||
zeroize = "1"
|
zeroize = "1"
|
||||||
|
|||||||
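Review bot: `pbkdf2 = "0.3"` is added with its default features, while the code in this commit only calls the bare `pbkdf2::pbkdf2` function. As far as I recall, the 0.3 release enables its `include_simple` feature by default, which pulls in extra crates for the password-hash helper functions. If that holds, `pbkdf2 = { version = "0.3", default-features = false }` keeps the dependency tree of this crate smaller, which matters for a library that handles PINs and management keys. Worth confirming against the crate's manifest before changing.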
@@ -60,15 +60,6 @@ extern "C" {
|
|||||||
);
|
);
|
||||||
fn DES_is_weak_key(key: *mut [u8; 8]) -> i32;
|
fn DES_is_weak_key(key: *mut [u8; 8]) -> i32;
|
||||||
fn DES_set_key_unchecked(key: *mut [u8; 8], schedule: *mut DesSubKey);
|
fn DES_set_key_unchecked(key: *mut [u8; 8], schedule: *mut DesSubKey);
|
||||||
fn PKCS5_PBKDF2_HMAC_SHA1(
|
|
||||||
pass: *const u8,
|
|
||||||
passlen: i32,
|
|
||||||
salt: *const u8,
|
|
||||||
saltlen: i32,
|
|
||||||
iter: i32,
|
|
||||||
keylen: i32,
|
|
||||||
out: *mut u8,
|
|
||||||
) -> i32;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/// DES-related errors
|
/// DES-related errors
|
||||||
@@ -244,29 +235,6 @@ pub enum Pkcs5ErrorKind {
|
|||||||
GeneralError = -1,
|
GeneralError = -1,
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Decrypt a PKCS#5 key
|
|
||||||
pub unsafe fn pkcs5_pbkdf2_sha1(
|
|
||||||
password: *const u8,
|
|
||||||
cb_password: usize,
|
|
||||||
salt: *const u8,
|
|
||||||
cb_salt: usize,
|
|
||||||
iterations: usize,
|
|
||||||
key: *const u8,
|
|
||||||
cb_key: usize,
|
|
||||||
) -> Pkcs5ErrorKind {
|
|
||||||
PKCS5_PBKDF2_HMAC_SHA1(
|
|
||||||
password,
|
|
||||||
cb_password as (i32),
|
|
||||||
salt,
|
|
||||||
cb_salt as (i32),
|
|
||||||
iterations as (i32),
|
|
||||||
cb_key as (i32),
|
|
||||||
key as (*mut u8),
|
|
||||||
);
|
|
||||||
|
|
||||||
Pkcs5ErrorKind::Ok
|
|
||||||
}
|
|
||||||
|
|
||||||
/// Strip whitespace
|
/// Strip whitespace
|
||||||
// TODO(tarcieri): implement this
|
// TODO(tarcieri): implement this
|
||||||
pub unsafe fn _strip_ws(sz: *mut c_char) -> *mut c_char {
|
pub unsafe fn _strip_ws(sz: *mut c_char) -> *mut c_char {
|
||||||
|
|||||||
+7
-21
@@ -35,8 +35,11 @@
|
|||||||
|
|
||||||
use crate::{consts::*, error::ErrorKind, internal::*, yubikey::*};
|
use crate::{consts::*, error::ErrorKind, internal::*, yubikey::*};
|
||||||
use getrandom::getrandom;
|
use getrandom::getrandom;
|
||||||
|
use hmac::Hmac;
|
||||||
use libc::{calloc, free, memcpy, memmove, realloc, time};
|
use libc::{calloc, free, memcpy, memmove, realloc, time};
|
||||||
use log::{error, warn};
|
use log::{error, warn};
|
||||||
|
use pbkdf2::pbkdf2;
|
||||||
|
use sha1::Sha1;
|
||||||
use std::ops::DerefMut;
|
use std::ops::DerefMut;
|
||||||
use std::{ffi::CString, mem, os::raw::c_void, ptr};
|
use std::{ffi::CString, mem, os::raw::c_void, ptr};
|
||||||
use zeroize::{Zeroize, Zeroizing};
|
use zeroize::{Zeroize, Zeroizing};
|
||||||
@@ -1463,19 +1466,14 @@ impl Drop for YkPivMgm {
|
|||||||
/// Get derived management key (MGM)
|
/// Get derived management key (MGM)
|
||||||
pub unsafe fn ykpiv_util_get_derived_mgm(
|
pub unsafe fn ykpiv_util_get_derived_mgm(
|
||||||
state: &mut YubiKey,
|
state: &mut YubiKey,
|
||||||
pin: *const u8,
|
pin: &[u8],
|
||||||
pin_len: usize,
|
mgm: &mut YkPivMgm,
|
||||||
mgm: *mut YkPivMgm,
|
|
||||||
) -> Result<(), ErrorKind> {
|
) -> Result<(), ErrorKind> {
|
||||||
let mut data = [0u8; YKPIV_OBJ_MAX_SIZE];
|
let mut data = [0u8; YKPIV_OBJ_MAX_SIZE];
|
||||||
let mut cb_data: usize = data.len();
|
let mut cb_data: usize = data.len();
|
||||||
let mut p_item: *mut u8 = ptr::null_mut();
|
let mut p_item: *mut u8 = ptr::null_mut();
|
||||||
let mut cb_item: usize = 0;
|
let mut cb_item: usize = 0;
|
||||||
|
|
||||||
if pin.is_null() || pin_len == 0 || mgm.is_null() {
|
|
||||||
return Err(ErrorKind::GenericError);
|
|
||||||
}
|
|
||||||
|
|
||||||
_ykpiv_begin_transaction(state)?;
|
_ykpiv_begin_transaction(state)?;
|
||||||
|
|
||||||
let mut res = _ykpiv_ensure_application_selected(state);
|
let mut res = _ykpiv_ensure_application_selected(state);
|
||||||
@@ -1503,25 +1501,13 @@ pub unsafe fn ykpiv_util_get_derived_mgm(
|
|||||||
"derived mgm salt exists, but is incorrect size = {}",
|
"derived mgm salt exists, but is incorrect size = {}",
|
||||||
cb_item,
|
cb_item,
|
||||||
);
|
);
|
||||||
}
|
|
||||||
|
|
||||||
let _ = _ykpiv_end_transaction(state);
|
let _ = _ykpiv_end_transaction(state);
|
||||||
return Err(ErrorKind::GenericError);
|
return Err(ErrorKind::GenericError);
|
||||||
}
|
}
|
||||||
|
|
||||||
let p5rc = pkcs5_pbkdf2_sha1(
|
let salt = std::slice::from_raw_parts_mut(p_item, cb_item);
|
||||||
pin,
|
pbkdf2::<Hmac<Sha1>>(pin, &salt, ITER_MGM_PBKDF2, &mut (*mgm).0);
|
||||||
pin_len,
|
|
||||||
p_item,
|
|
||||||
cb_item,
|
|
||||||
ITER_MGM_PBKDF2,
|
|
||||||
(*mgm).0.as_mut_ptr(),
|
|
||||||
(*mgm).0.len(),
|
|
||||||
);
|
|
||||||
|
|
||||||
if p5rc != Pkcs5ErrorKind::Ok {
|
|
||||||
error!("pbkdf2 failure, err = {:?}", p5rc);
|
|
||||||
res = Err(ErrorKind::GenericError);
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
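Review bot: The removed guard rejected an empty PIN (`pin_len == 0`), and nothing on the new side of `ykpiv_util_get_derived_mgm` replaces it. Moving to `pin: &[u8]` and `mgm: &mut YkPivMgm` covers the two null checks but not the length check, so a zero-length PIN now reaches `pbkdf2` and produces a management key derived from an empty password and the stored salt. If that rejection was intentional, keep it with `if pin.is_empty() { return Err(ErrorKind::GenericError); }` before `_ykpiv_begin_transaction`. In the last hunk, `std::slice::from_raw_parts_mut(p_item, cb_item)` builds a mutable slice for a salt that is only read, and the visible lines show no non-null check on `p_item` (it starts as `ptr::null_mut()`, and whatever sets it is outside the hunk); `let salt = std::slice::from_raw_parts(p_item, cb_item);` with a `// SAFETY:` comment naming the call that guarantees `p_item` points to `cb_item` readable bytes would make the invariant reviewable. The function body starts and continues outside the visible hunks.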